You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.5 KiB
51 lines
1.5 KiB
3 years ago
|
// Copyright 2018 by David A. Golden. All rights reserved.
|
||
|
//
|
||
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
|
// not use this file except in compliance with the License. You may obtain
|
||
|
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
package scram
|
||
|
|
||
|
import "sync"
|
||
|
|
||
|
// Server implements the server side of SCRAM authentication. It holds
|
||
|
// configuration values needed to initialize new server-side conversations.
|
||
|
// Generally, this can be persistent within an application.
|
||
|
type Server struct {
|
||
|
sync.RWMutex
|
||
|
credentialCB CredentialLookup
|
||
|
nonceGen NonceGeneratorFcn
|
||
|
hashGen HashGeneratorFcn
|
||
|
}
|
||
|
|
||
|
func newServer(cl CredentialLookup, fcn HashGeneratorFcn) (*Server, error) {
|
||
|
return &Server{
|
||
|
credentialCB: cl,
|
||
|
nonceGen: defaultNonceGenerator,
|
||
|
hashGen: fcn,
|
||
|
}, nil
|
||
|
}
|
||
|
|
||
|
// WithNonceGenerator replaces the default nonce generator (base64 encoding of
|
||
|
// 24 bytes from crypto/rand) with a custom generator. This is provided for
|
||
|
// testing or for users with custom nonce requirements.
|
||
|
func (s *Server) WithNonceGenerator(ng NonceGeneratorFcn) *Server {
|
||
|
s.Lock()
|
||
|
defer s.Unlock()
|
||
|
s.nonceGen = ng
|
||
|
return s
|
||
|
}
|
||
|
|
||
|
// NewConversation constructs a server-side authentication conversation.
|
||
|
// Conversations cannot be reused, so this must be called for each new
|
||
|
// authentication attempt.
|
||
|
func (s *Server) NewConversation() *ServerConversation {
|
||
|
s.RLock()
|
||
|
defer s.RUnlock()
|
||
|
return &ServerConversation{
|
||
|
nonceGen: s.nonceGen,
|
||
|
hashGen: s.hashGen,
|
||
|
credentialCB: s.credentialCB,
|
||
|
}
|
||
|
}
|